Cisco is a perennial leader in delivering cutting-edge firewalls for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide an advanced firewall platform that marshals dedicated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, identify, and mitigate threats automatically. Progent's Cisco-certified CCIE firewall consultants can assist you to plan and carry out an efficient migration to Cisco Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower appliances with Cisco's subscription-based security services to create and centrally control IT environments that span branch offices, data centers, and cloud resources. Progent can also help you to manage and debug legacy Cisco security appliances. Progent's certified network security experts can help you with policy creation driven by industry best practices in order to build a consistent and effective cybersecurity profile across all your networked devices at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls deliver a major performance boost over Cisco's popular ASA 5500-X firewalls and include unified management of advanced security features such as application visibility and control (AVC), next-generation intrusion protection with risk prioritization, advanced malware protection, URL filtering, and sandboxing. For more information about Cisco's Firepower line of NGFWs Firewalls, visit Cisco Firepower firewalls consulting experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewalls offer combined firewall, VPN, and intrusion prevention system capabilities in single-box packages, delivering a wide array of features to meet the security and compliance requirements of organizations from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls allow network security teams to defend their network perimeter and offer safe remote access while utilizing advanced administration tools built on Cisco's industry-leading firewall technology.
Cisco’s ASA 5500 and PIX firewalls have arrived at end-of-life (EOL) but are still widely used in small and mid-size businesses as well as in some larger networks. Cisco’s ASA 5500-X Series Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. However, Cisco's older model firewalls, if properly managed, continue to deliver a high level of protection by providing multiple security functions such as stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's acquisition of Sourcefire, the entire line of Cisco ASA 5500-X devices can be configured to support Firepower Services, built on Sourcefire's Snort product, which is the market's most popular network intrusion protection system (IPS). Firepower services bring enhanced features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-premier network consultants can assist you to support and debug older ASA 5500 Series and PIX firewall appliances and can also assist you to plan and implement an efficient migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, deploy, optimize, administer and debug new firewall ecosystems built on Cisco's latest ASA 5500-X models with Firepower Services. Progent's firewall consultants can also help your organization to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X security appliances features an improved replacement for every rack-mountable model in the older ASA 5500 line of devices. Each ASA 5500-X model targets the same market as the associated earlier models, which gives small and midsize businesses ample room for picking a firewall that meets their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and support Cisco's powerful security services. All models in Cisco's ASA 5500-X family deliver consistent protection across any mix of physical, virtual, and cloud deployments.
For more details about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA firewalls, visit Firepower configuration and troubleshooting consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with either software or physical modules that support Cisco's Firepower Services, which provide layered protection against multi-vector threats. Firepower Services are based on technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X firewalls include:
- Multi-layer protection against both familiar and zero-day threats
- Cisco's Advanced Malware Protection that utilizes big data techniques to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, network infrastructure, software applications, and content to detect threats that use simultaneous vectors
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically activate standard and customized IPS policies based on the severity of threats
Firepower Services for ASA 5500-X firewalls offer advanced multi-layered security
Smaller implementations of Cisco ASA firewalls can be effectively managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility provided with all ASA 5500-X models. ASDM includes a simple web console for configuring, administering, and debugging ASA 5500-X devices and modules.
For more complex environments, ASA 5500-X firewalls with Firepower Services can be administered with Firepower Management Center, implemented as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names including Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy control for Firepower firewalls
Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-box ASDM utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection with remediation for user devices, a dashboard that provides dynamic infrastructure visualization, automated policy optimization based on impact evaluation of threats, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, improved reporting features, and application interfaces for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances Firewalls leverage engineering developed for the Cisco PIX 500 Series Security Appliance, Cisco's IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall product line to offer a platform that defends against the widest variety of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program protection, network containment, and clean Virtual Private Network connectivity throughout the entire product line. This breadth of protection enables the guarding of any network area, including the most typical attack conduits like remote locations, LAN-connected inside users, and remote connected VPNs.
The expandable design of the ASA 5500 family permits you to add more services by installing security service modules and security service cards. These easy-to-install options give you the option of adding Intrusion Protection and content protection functions such as blocking virus, spyware, and phishing attacks and performing file and web filtering. Beside enabling you to respond quickly to the latest threat vectors, the expandable design of the ASA 5500 family also leverages your capital investment by increasing the useful life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in administrative staff training by utilizing the familiar set of PIX security management tools and protocols such as the Cisco Adaptive Security Device Manager system, protected command-line interface access, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) firewalls provide a high-level of application protection through smart, application-aware inspection engines that analyze network flows at Layers 4-7. This produces a more secure environment covering Web, voice, and 3G-mobile wireless connectivity. To defend against application-layer attacks and to provide better control over the programs and protocols used in their networks, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on protection enforcement technologies that include protocol anomaly sensing and state monitoring. Also included are assault detection and remediation technology including application and protocol command filters and content verification. Cisco Adaptive Security Appliances firewall inspection engines also provide control over IM and tunneling applications, enabling organizations to enforce usage policies and recover bandwidth for important business applications.
For additional information about Progent's support services for Cisco's ASA 5500 firewalls, see ASA 5500 firewalls configuration and troubleshooting support.
Cisco PIX Firewalls
Based around a tested, specialized OS that offers a wealth of protection features, Cisco PIX security appliances provide a high level of protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX firewalls provide security for a wide range of Voice over IP and additional mixed-media standards such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping organizations to safeguard deployments of a wide range of current and upcoming Voice over IP and mixed-media applications.
Cisco PIX firewall appliances feature a wealth of configuration, monitoring, and troubleshooting features, providing IT managers the flexibility to utilize the methods that best match their requirements. Administrative solutions include common, policy-based administration tools, integrated web-based management, and compatibility with remote-monitoring standards such as SNMP and syslog. The integrated ASDM system offers a powerful Web-accessible management platform that greatly simplifies the installation, in-place modification, and tracking of a single Cisco PIX firewall appliance without requiring any additional utility other than an ordinary Web browser and Java plug-in to be installed on a manager's PC.
Administrators can furthermore remotely set up, monitor, and analyze Cisco PIX security appliances via a command-line interface (CLI). Secure command-line interface (CLI) communication is available through several techniques including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX firewalls also have robust automatic-update features, a collection of advanced secure remote-administration options that ensure firewall configurations and software images are always up to date.
For more details about Progent's support services for Cisco PIX 500 security appliances, see Cisco PIX firewalls configuration and troubleshooting consulting.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has discontinued offering the PIX and ASA 5500 families of firewalls, many companies are concerned about relying on a key infrastructure component that might no longer be supported by Cisco. Cisco ASA 5500-X and Firepower Series security appliances have the benefit of being current products and also offer a number of functions and financial benefits in comparison to PIX devices. These benefits include substantially better performance, optional Secure Sockets Layer tunneling capability, and an expandable design that guards your investment by allowing you to self-install new security features whenever you require them. Progent's Cisco certified experts can help your company to assess the business value of for upgrading from PIX or ASA 5500 security appliances, design a migration process that allows for a quick and non-disruptive upgrade, assist your IT staff to set up new ASA 5500-x or Firepower Series appliances, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco Firewalls
Cisco Firepower Series, ASA Series, and PIX firewalls incorporate an array of setup, tracking, and troubleshooting options that give you the ability to deploy these firewalls to match your company's needs. Progent's CCIE authorized network consultants can help you to build an efficient infrastructure that incorporates Cisco firewall technology and that provides advanced security, resilience, performance, and manageability. Progent's CISA and CISM-certified IS security engineers can assist you to develop a security policy that makes sense for your environment and can set up your PIX or ASA firewall to support your security policies. Progent's security evaluation consultants can assess the strength of your existing firewall deployment and help determine the overall security of your entire information system network. Progent’s Technical Response Center (TRC) can deliver urgent online troubleshooting for Cisco technology and can give you fast access to a Cisco expert.
To learn more information about Progent's engineering help for Cisco products, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about professional help for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.